Dr. Kall Loper is a Director at Protiviti in the Dallas office. Dr. Loper is the national service offering lead for Incident Response. Prior to joining Protiviti, Kall has 20 years of experience in Digital Forensics and Incident Response. This experience includes 10+ years owning a forensic consultancy with clients in several national markets and in the Fortune 500. It also includes experience in a Big 4 forensics practice.
At Protiviti, Kall leads and coordinates the Incident Response offering for the US practice and advises and assists global member firms as required. Kall offers internal training in Incident Response at Protiviti based on years as a professor of computer science at Southern Methodist University and experience as the lead instructor in a program and content developer offered by the United States Department of Justice to state and local law enforcement. Kall serves in a workgroup overseeing Quality Assurance and Qualification of responders for Protiviti’s IR offerings nationwide.
At the United States Department of Justice, Kall has served as a Subject Matter Expert and Grant Evaluator in numerous cycles starting in 2005 and continuing to the present.
During his time with a Big 4 Digital Forensics and Incident Response practice, Kall served as one of two lead incident responders for the national IR practice. This experience includes leading a more than yearlong comprehensive response to a large, enterprise-level compromise of an entertainment client and standing up IR and assisting the stand up of SOC operations in a global client in the Fortune 200. Numerous other engagements spanned several industries.
- Security Operations Center (SOC). Standing up a 24/7 SOC/MSSP for a Fortune 200 Company including Tier One training and QA, Tier Two runbook development and QA, and Tier Three Incident Response planning and delivery. SEIM experience including NITRO, Qradar, Logrhythm, and Splunk.
- Malware Analysis. Integration of automated malware analysis to enterprise security operations and implementation of enterprise class tools including FireEye, McAfee (enterprise), Symantec (enterprise), Palo Alto (wildfire), and Cisco AMP. With manual analysis for validation.
- Handcrafted malware examination and investigation on individual responses.
- Digital Forensics. Host-based examination of Linux, UNIX, Mac, and Windows Hosts. Examination with SIFT, SMART, FTK, EnCase, and Hex Editors.
- Cyber Threat Intelligence. Integration of threat feeds to existing enterprise security toolsets and qualitative examination of industry-based threats. Includes participation in ONGISAC (Oil and Natural Gas Information Sharing and Analysis Center).
- Network Traffic Examination and Forensic Analysis. Examination of raw traffic and net flow data using PCap and Hex editors to automated analysis with calibration of alert thresholds and examination using various tools and security technologies (e.g. ProofPoint, Fidelis, FireEye, Sourcefire, Wildfire, Symantec Enterprise Security, McAfee Enterprise Security Suite, Security Onion, various IDS/IPS, various SEIM tools and implementations)
Evidence tracking and digital collection and preservation in forensically sound practice. Updated and implemented on the largest eDiscovery project to date. Responsibilities included oversight of 4 states with multiple project offices with multiple vendor and client units in each. Sites included embedded locations with federal regulators and law enforcement.
Areas of Expertise
- Incident Response
- Digital Forensics
- Security Operations Center (SOC)
- Cyber Threat Intelligence
- Computer Security
- Health Care
- Energy, Oil & Gas
- Communications & Media
- Financial Services
- Faculty, Computer Science & Engineering, Southern Methodist University
- PhD, Michigan State University
- MS, Michigan State University
- BS, Texas Christian University
Professional Memberships and Certifications
- GCIH, Certified Incident Handler
- GSEC, Computer Security
- CCFI, Certified Computer Forensic Investigator - Instructor
- CDEC, Certified Digital Evidence Collection – Instructor
- Three time High Tech Investigation Association Southwest Chapter President